Granular Lifecycle Management - Operators

This tutorial explains the lifecycle actions that an operator can manage. Operators manage the entire lifecycle of identity devices, applications, and issued credentials, ensuring compliance with organizational policies.

Navigate to Management > Users. Search for the user by name or email. Under the Actions column, select the Identity Lifecycle icon. All the issued identities are displayed. For each identity, application, and credential, the actions that are enabled depend on its status. To proceed, select Actions and choose the desired option. Operators can perform the following lifecycle actions:

  • Suspend
  • Reactivate
  • Reset PIV PIN
  • Reset FIDO2 PIN
  • Revoke
  • Remove
  • Show PUK
  • Resend Initial PIN
  • View Initial PIN
  • Delete (Delete FIDO2 credentials)
  • Delete Users
  • Update

Identity Device Lifecycle Actions

The following are the possible lifecycle actions for identity devices such as smart cards, security keys, and mobile devices, based on the status of the device.

Lifecycle action and process:

Suspend: When an active device (smart card, security key) is lost/damaged, you can suspend the device to avoid misuse. To suspend the device, select the identity, and select Actions > Suspend. Select one of the listed reasons to suspend the device and confirm.

Reactivate: To reactivate a suspended device, select the identity, and select Actions > Reactivate.

Revoke: When you revoke an identity, the device can no longer be used. Select the identity, and select Actions > Revoke. Provide a reason and revoke the device.

Remove: Once the device is revoked, if you do not require it to be visible under the issued device list, you can remove it. Select the identity and select Actions > Remove.

Application Lifecycle Actions

The following are the possible lifecycle actions for the PIV and FIDO2 applications:

Application: PIV

Reset PIV PIN:
  1. Connect the identity device.
    1. For Smart cards: Connect a card reader to your computer and insert a smart card.
    2. For Security Key: Insert the security key into a USB port.
  2. Select the connected device.
  3. Select Actions > Reset PIV PIN.
  4. Enter a new PIN, and confirm it.
  5. Select OK.
  6. The PIV application PIN is reset.

Show PUK: To view the PIV application PUK (PIV Unblock Key), select Actions > Show PUK.

Resend Initial PIN: This option is visible only when the device is in the pending activate state. The operator can resend the initial PIV PIN (activation PIN) in case the user has misplaced or deleted the activation PIN sent to them via email. To resend the initial PIV PIN for a selected user's PIV identity, select Actions > Resend Initial PIN.

Update: Update when additional credentials are available.

View Initial PIN: This option is visible only when the device is in the pending activate state. The operator can view the initial PIV PIN (activation PIN) that was sent to the user in the email. To view the initial PIV PIN for a selected user's PIV identity, select Actions > View Initial PIN.

Application: FIDO2

Reset FIDO2 PIN:
  1. Connect the identity device.
    1. For Smart cards: Connect a card reader to your computer and insert a smart card.
    2. For Security Key: Insert the security key into a USB port.
  2. Select the connected device.
  3. Select Actions > Reset FIDO2 PIN.
  4. Enter a new PIN, and confirm it.
  5. Select OK.
  6. The PIN is reset.

Update: Update when additional credentials are available.

Delete: To delete the FIDO2 application, select Actions > Delete.

Credential Lifecycle Actions

The table below outlines the credential lifecycle actions available to an operator. For each credential, choose Actions and then select the desired action.

Credential: PIV
  • Authentication
  • Digital Signature
  • Encryption
  • Card Authentication
Lifecycle actions:
  • Suspend
  • Reactivate
  • Revoke
  • Delete

Credential: FIDO2 Credential (Unifyia platform)
Lifecycle actions:
  • Suspend
  • Reactivate
  • Revoke
  • Delete

Credential: FIDO2 Provisioned Credential (Relying Parties)
Lifecycle actions:
  • Delete

Credential: Mobile
  • Visual
  • Authentication
  • Digital Signature
  • Encryption
  • Card Authentication
  • FIDO2
  • Consent
  • OTP
Lifecycle actions:
  • Suspend
  • Reactivate
  • Revoke
  • Delete

Delete Users

To delete a user, go to Management > Users. Search for the user by username or email in the search field. The user record is displayed. Select the Delete User icon at the far end of the displayed record to delete the user.